Any way to find sites that do NOT have SSL/TLS encryption as "Full"?

I have about 120 sites added to my account. It’s been a nuisance that I have to wait for each of them to propagate the nameserver change first, and THEN manually change the SSL/TLS encryption from “Flexible” to “Full”.

Is there a way to find any site in my account that is NOT set to Full, just to be safe?

I know that I can write a bash script using the API to manually set them all, but I don’t want to waste time building this if an option already exists.

You can use my script if you want, though I must strongly advise against using Full. Full is really no better than Flexible, as it will accept any certificate. Only Full (strict) is secure.

```python
#!/usr/bin/python3
import json
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

api_key = "YOUR_API_KEY"
email = "YOUR_EMAIL"
user_agent = "WHATEVER" # Cloudflare blocks URLLib default user-agent

# Same authentication headers for every request
headers = {"X-Auth-Key": api_key,
           "X-Auth-Email": email,
           "Content-Type": "application/json",
           "User-Agent": user_agent}

# The zone list is paginated, so collect every page
zones = []
page = 1
while True:
    request = Request(f"https://api.cloudflare.com/client/v4/zones?page={page}&per_page=50",
                      headers = headers)
    response = json.loads(urlopen(request).read())
    zones += response["result"]
    if page >= response["result_info"]["total_pages"]:
        break
    page += 1

for zone in zones:
    zone_id = zone["id"]
    name = zone["name"]

    # Set the zone's SSL/TLS mode to Full (strict)
    request = Request(f"https://api.cloudflare.com/client/v4/zones/{zone_id}/settings/ssl",
                      headers = headers,
                      data = json.dumps({"value": "strict"}).encode("utf-8"),
                      method = "PATCH")

    try:
        # urlopen raises HTTPError on a non-2xx reply, so it belongs inside the try
        response = json.loads(urlopen(request).read())
        status = response["result"]["value"]
        print(name + ": " + status)
    except (HTTPError, URLError, KeyError, TypeError, ValueError):
        print(name + ": " + "Something went wrong.")
```
3 Likes
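
An added example, not part of the original posts: a read-only audit that answers the question as asked, listing every zone whose SSL/TLS mode is not Full (strict) without changing any setting. It assumes an API token in a `CF_API_TOKEN` environment variable sent as a Bearer token, instead of the global key headers used in the script above; the function names are made up for this example.

```python
import json
import os
from urllib.request import Request, urlopen

API = "https://api.cloudflare.com/client/v4"

def cf_get(path, token):
    """GET an API path and return the decoded JSON body."""
    req = Request(API + path, headers={
        "Authorization": f"Bearer {token}",
        "User-Agent": "ssl-mode-audit",  # urllib's default user-agent is blocked
    })
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)

def list_zones(get):
    """Yield (zone_id, name) for every zone, following pagination."""
    page = 1
    while True:
        body = get(f"/zones?page={page}&per_page=50")
        for zone in body["result"]:
            yield zone["id"], zone["name"]
        if page >= body["result_info"]["total_pages"]:
            break
        page += 1

def audit(get, wanted=("strict",)):
    """Return {zone name: current SSL mode} for zones whose mode is not in `wanted`."""
    findings = {}
    for zone_id, name in list_zones(get):
        mode = get(f"/zones/{zone_id}/settings/ssl")["result"]["value"]
        if mode not in wanted:
            findings[name] = mode
    return findings

if __name__ == "__main__":
    token = os.environ["CF_API_TOKEN"]  # assumed variable name for this example
    for name, mode in sorted(audit(lambda path: cf_get(path, token)).items()):
        print(f"{name}: {mode}")
```

Passing `wanted=("full", "strict")` to `audit` reports only zones still on Off or Flexible, which matches the original question.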